Friday, 2 January 2009

Syn 'N Destroy! (Updated: new version)

It's time to introduce Synator, a new ultra-fast TCP port scanner based on the SYN scan technique (you had already guessed that from the name, right?). It is very similar to Synscan (http://www.bindshell.net/tools/synscan) but a lot easier to use and requires no compilation; it uses the libraries from SinFP (http://www.gomor.org/bin/view/Sinfp) to handle all the low-level network interaction.

Why use it?

Now why would you use this tool instead of the widely used nmap port scanner?
  1. Because you don't like to wait.
  2. Because when nmap receives its acknowledgments a bit slowly (slow network or slow server) it reduces the scan speed (it sometimes takes 10 minutes or more).
  3. Because you have a huge IP range to scan and you want to be able to scan 65535 ports on every IP within a reasonable delay.
Features:
  • Simple & efficient design
  • Service identification using amap
  • Source Port option
  • Fast scan based on Nmap Top port
  • Flexible slow scan to avoid scan detection (-d and -m options)

Performances:
  • On a good LAN it takes approximately 2m30s to scan all open ports of a host.
  • On the Internet it is quite variable but tends to settle around 2 minutes (from 1m20s to 2m40s) when using a high-speed connection against a fast server (ideal conditions...).
Online Help:

Here is the help message when you launch Synator without any parameter:

Usage: bin/Synator2v1.pl
[-h IP]
[-s tcp|udp]
[-f OutputFilename]
(-p Destination PortNumber)
(-S Source PortNumber)
(-b Service Banner Grabbing)
(-c ShowClosedPort)
(-d DelayInSeconds)
(-m maxSynPacketBeforeDelay)
Options -p support multiple value separated by ',' and '-' ie 21,80 or 1-100.
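From the defender's side, the -d/-m throttling options above matter because a per-source SYN threshold only catches bursts. The following added example (not part of Synator or this post) counts distinct destination ports per source/destination pair inside a sliding time window over constructed netfilter-style log lines: a burst scan is flagged with a 60 s window, while a throttled scan (one SYN every 20 s) is only flagged once the window is widened. The log format and the two thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (simplified netfilter-style SYN entries, not real traffic).
# Timestamps are plain seconds to keep the sample short.
def _syn(ts, src, dpt):
    return f"{ts} kernel: IN=eth0 SRC={src} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt} SYN"

SAMPLE_LOG = (
    [_syn(1 + i, "10.0.0.5", 1 + i) for i in range(12)]            # burst: 12 ports in 12 s
    + [_syn(5 + 20 * i, "10.0.0.7", 100 + i) for i in range(12)]   # throttled: one SYN every 20 s
    + [_syn(3, "10.0.0.9", 22), _syn(4, "10.0.0.9", 80), _syn(9, "10.0.0.9", 443)]  # benign host
)

LINE_RE = re.compile(
    r"^(?P<ts>\d+) .*SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*PROTO=TCP .*DPT=(?P<dpt>\d+) .*SYN$"
)

def parse_syn_events(lines):
    """Return (ts, src, dst, dpt) tuples for every line matching the SYN log format."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((int(m["ts"]), m["src"], m["dst"], int(m["dpt"])))
    return events

def detect_syn_scans(events, window_s=60, min_ports=10):
    """Flag (src, dst) pairs that touch at least min_ports distinct ports within any
    window_s span. Returns {(src, dst): peak distinct-port count} for flagged pairs."""
    by_pair = defaultdict(list)
    for ts, src, dst, dpt in events:
        by_pair[(src, dst)].append((ts, dpt))
    flagged = {}
    for pair, hits in by_pair.items():
        hits.sort()
        left, peak = 0, 0
        for right in range(len(hits)):
            # Slide the left edge so the window never exceeds window_s seconds.
            while hits[right][0] - hits[left][0] > window_s:
                left += 1
            distinct = len({p for _, p in hits[left:right + 1]})
            peak = max(peak, distinct)
        if peak >= min_ports:
            flagged[pair] = peak
    return flagged

if __name__ == "__main__":
    evts = parse_syn_events(SAMPLE_LOG)
    print("60 s window: ", detect_syn_scans(evts))
    print("600 s window:", detect_syn_scans(evts, window_s=600))
```

Widening the window (or keeping per-source state across log rotations) is what turns a throttled scan back into a visible event.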

Important Note:
  • Using a hostname instead of an IP address is not supported yet (is it really useful?)
  • Avoid scanning with a Wi-Fi card
  • Avoid using Synator inside a virtual machine; there is a high performance drop!
Known bugs or limitations:
  • Synator does not work with some Wi-Fi cards such as the WPN311; this is a bug due to libdnet, which is unable to get the network configuration from the card ("addr_net: undef input").
TODO:
  • Perform DNS resolution when a hostname is given instead of an IP
Screenshots:
(screenshot: using supercat to colorize the log)
Download:
source
debian package
package using repository

Introducing the Debian Repository

To use the Debian package from the repository, just add these 2 lines to your /etc/apt/sources.list:
deb http://ppa.launchpad.net/thr3atseek3r/ubuntu hardy main
deb-src http://ppa.launchpad.net/thr3atseek3r/ubuntu hardy main
For those using a non-Debian-based system, I recommend retrieving the source directly using any HTTP client (who said wget?). Once extracted, the tools should be usable right away!

PS: Don't worry if you don't have Ubuntu hardy; it will work anyway as long as your distro uses Debian packages.

Searching for Threats?

It's the first post on my new security blog. This blog focuses on the security tools I've been using during pentests, or on those that I've written specifically for certain tasks.

For all the tools I've made, the common features are:
  • written in Perl
  • as few dependencies as possible
  • portability when possible
  • flexibility
  • preferred OS is Ubuntu Linux hardy, but they should work on other Debian-based distros as well (I'll make win32 versions of some if there is huge demand for it)
  • a Debian package and a repository are provided
If some of you want to give a hand to improve the tools or to contribute to this site, feel free to contact me.